CVE-2015-3952

🗓️ 25 Mar 2019 15:42:39Reported by icscertType

Wireless keys stored in plain text on Hospira infusion systems including Plum A+, Plum A+3, and Symbiq devices, prompting the closure of Port 20/FTP and Port 23/TELNET by Hospira

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2015-3952	25 Mar 201919:27	–	circl
CNVD	Information Disclosure Vulnerability in Multiple Hospira Products	24 Jun 201500:00	–	cnvd
CVE	CVE-2015-3952	25 Mar 201915:42	–	cve
EUVD	EUVD-2015-3983	7 Oct 202500:30	–	euvd
ICS	Hospira Plum A+ and Symbiq Infusion Systems Vulnerabilities	13 Mar 201506:00	–	ics
NVD	CVE-2015-3952	25 Mar 201916:29	–	nvd
Prion	Authorization	25 Mar 201916:29	–	prion

[
  {
    "product": "Plum A+ Infusion System",
    "vendor": "Hospira",
    "versions": [
      {
        "status": "affected",
        "version": "<= 13.4"
      }
    ]
  },
  {
    "product": "Plum A+3 Infusion System",
    "vendor": "Hospira",
    "versions": [
      {
        "status": "affected",
        "version": "<= 13.6"
      }
    ]
  },
  {
    "product": "Symbiq Infusion System",
    "vendor": "Hospira",
    "versions": [
      {
        "status": "affected",
        "version": "<= 3.13"
      }
    ]
  }
]

Source	Link
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-15-161-01

25 Mar 2019 15:42Current

7.4High risk

Vulners AI Score7.4

EPSS0.0012

CWE-312